require "test_helper"

class JoinCodesControllerTest < ActionDispatch::IntegrationTest
  setup do
    @account = accounts("37s")
    @join_code = account_join_codes(:"37s")
  end

  test "new" do
    get join_path(code: @join_code.code, script_name: @account.slug)

    assert_response :success
    assert_in_body "37signals"
  end

  test "new with an invalid code" do
    get join_path(code: "INVALID-CODE", script_name: @account.slug)

    assert_response :not_found
  end

  test "new with an inactive code" do
    @join_code.update!(usage_count: @join_code.usage_limit)

    get join_path(code: @join_code.code, script_name: @account.slug)

    assert_response :gone
    assert_in_body "That code is all used up"
  end

  test "create" do
    assert_difference -> { Identity.count }, 1 do
      assert_difference -> { User.count }, 1 do
        post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: "new_user@example.com" }
      end
    end

    assert_redirected_to session_magic_link_url(script_name: nil)
    assert_equal new_users_verification_url(script_name: @account.slug), session[:return_to_after_authenticating]
  end

  test "create for existing identity" do
    identity = identities(:jz)
    sign_in_as :jz

    assert identity.users.exists?(account: @account), "JZ should be a member of 37s for this test"
    assert identity.users.find_by!(account: @account).setup?, "JZ's user should be setup for this test"

    assert_no_difference -> { Identity.count } do
      assert_no_difference -> { User.count } do
        post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: identity.email_address }
      end
    end

    assert_redirected_to landing_url(script_name: @account.slug)
  end

  test "create for signed-in identity without a user in the account redirects to verification" do
    identity = identities(:mike)
    sign_in_as :mike

    assert_not identity.users.exists?(account: @account), "Mike should not be a member of 37s for this test"

    assert_no_difference -> { Identity.count } do
      assert_difference -> { User.count }, 1 do
        post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: identity.email_address }
      end
    end

    assert_redirected_to new_users_verification_url(script_name: @account.slug)
  end

  test "create for different identity terminates existing session" do
    sign_in_as :kevin

    assert_difference -> { Identity.count }, 1 do
      assert_difference -> { User.count }, 1 do
        post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: "new_user@example.com" }
      end
    end

    assert_redirected_to session_magic_link_url(script_name: nil)
    assert_not_predicate cookies[:session_token], :present?
  end

  test "create with invalid email address" do
    # Avoid Sentry exceptions when attackers try to stuff invalid emails into the system
    without_action_dispatch_exception_handling do
      assert_no_difference -> { Identity.count } do
        assert_no_difference -> { User.count } do
          post join_path(code: @join_code.code, script_name: @account.slug), params: { email_address: "not-a-valid-email" }
        end
      end
      assert_response :unprocessable_entity
    end
  end
end
